Bucket policies define user privileges on buckets/flows in the Registry and in NiFi.
The available permissions are:

All - In the Registry, the assigned user is able to
view and delete flows in the bucket. In NiFi, the selected user is able to import
flows from the bucket and commit changes to flows in the bucket.

Read - In the Registry, the assigned user is able to
view flows in the bucket. In NiFi, the selected user is able to import flows from the
bucket.

Write - In NiFi, the assigned user is able to commit
changes to flows in the bucket.

Delete - In the Registry, the assigned user is able
to delete flows in the bucket.

Users would typically have Read permissions at a minimum. A user with Write
permission would not commit changes to a flow if they were not able to import it
initially. A user with Delete permission would not delete a flow if they could
not view it.

If a user has a bucket policy and the group that the user is in also has a
policy, all policies are used to determine access. For example, assume User1 is
in Group1, User1 has READ privileges on Bucket1 and Group1 has READ privileges
on Bucket2. In this scenario, User1 will have READ privileges on both Bucket1
and Bucket2.